This project aims to deploy Cowrie honeypot on an internet facing server to capture attack intelligence and malware samples. The end goal is to derive our capture information into actionable intelligence that improves SSH defenses.

Completed

1. Setup Cowrie on AWS EC2 instance
2. Port logs to Sumo Logic
3. Create Panel for captures analysis

To do

1. Create YARA rules for malwares captured
2. Modify Cowrie to evade nmap detection

Sumo Logic Panel

https://service.ca.sumologic.com/ui/dashboard.html?k=gfof25sUY02Vs7aNQppqNjLXPzsyPutrCDI5VPtmbpy8i0XqBxXTojzMdFJr&f=&t=r